The ICO exists to empower you through information.

This glossary is included as a quick reference point for key data protection terms and abbreviations used in this code. It includes links to further reading and other resources which do not form part of this code, but may provide useful context and more detailed guidance.

ASA The Advertising Standards Authority. See www.asa.org.uk
CAP code The UK Code of Non-broadcast Advertising and Direct & Promotional Marketing. See: www.asa.org.uk/codes-and-rulings/advertising-codes/non-broadcast-code.html
Child A person under the age of 18 years, as defined in the UNCRC.
Competent authority A public authority listed in schedule 7 of the DPA 2018, or any other organisation or person with statutory law enforcement functions. For more information, see our separate Guide to Law Enforcement Processing.
Consent A freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data. For more information, see our separate guidance on consent.
Controller The person (usually an organisation) who decides how and why to collect and use the data. For more information, see our separate guidance on controllers and processors.
DPA 2018 The Data Protection Act 2018. For more information, see our separate introduction to data protection.
DPIA Data protection impact assessment. For more information, see our separate guidance on DPIAs.
GDPR The General Data Protection Regulation (EU) 2016/679, as amended and incorporated into UK law. For more information, see our separate Canllaw i Ddiogelu Data . When the UK leaves the EU (or at the end of any agreed implementation period if we leave with a deal), you should read references to the GDPR in this code as references to the UK GDPR.
ISS Information society service, as defined in Directive (EU) 2015/1535 and incorporated into the GDPR (any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient).
One-stop-shop The one-stop-shop means you can generally deal with a single European supervisory authority taking action on behalf of the other European supervisory authorities. It avoids you having to deal with regulatory and enforcement action from every supervisory authority in every EEA and EU state where individuals are affected. For more information, see EDPB guidelines on the lead supervisory authority.
PECR The Privacy and Electronic Communications (EC Directive) Regulations 2003. For more information, see our separate Canllaw i’r PECR.
PEGI Pan European Game Information. For more information see www.pegi.info/
Processor A person (usually an organisation) who processes personal data on behalf of a controller. For more information, see our separate guidance on controllers and processors.
UK GDPR The UK version of the GDPR, as amended and incorporated into UK law after the UK leaves the EU by the European Union (Withdrawal) Act 2018 and associated Exit Regulations. The government has published a Keeling Schedule for the UK GDPR which shows the planned amendments.
UNCRC The 1989 United Nations Convention on the Rights of the Child.